From: Roland Shoemaker <roland@golang.org>
Date: Sat, 31 Aug 2024 04:11:09 +0000 (-0700)
Subject: crypto/internal/boring: disable LFS64 interfaces
X-Git-Tag: go1.24rc1~1015
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=a5708231ac8ae2a6f8806d2da502608d48bb3d84;p=gostls13.git

crypto/internal/boring: disable LFS64 interfaces

Comment out the definition in the libcrypto I/O code which enables
the LFS64 interfaces. We don't use any of the I/O bits and pieces, and
it's outside of the FIPS module, and it fixes some breakage in certain
scenarios.

Change-Id: Ie6597813726f94e23780b77d907cc1b9ccef36f0
Reviewed-on: https://go-review.googlesource.com/c/go/+/609976
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
---

diff --git a/src/crypto/internal/boring/build-boring.sh b/src/crypto/internal/boring/build-boring.sh
index 5e109653a4..c7dc4f37ad 100755
--- a/src/crypto/internal/boring/build-boring.sh
+++ b/src/crypto/internal/boring/build-boring.sh
@@ -30,6 +30,15 @@ export CGO_ENABLED=0
 # Go toolchain / clang toolchain combinations.
 perl -p -i -e 's/defined.*ELF.*defined.*GNUC.*/$0 \&\& !defined(GOBORING)/' boringssl/crypto/mem.c
 
+# We build all of libcrypto, which includes a bunch of I/O operations that we
+# don't actually care about, since we only really want the BoringCrypto module.
+# In libcrypto, they use the LFS64 interfaces where available in order to
+# traverse files larger than 2GB. In some scenarios this can cause breakage, so
+# we comment out the _FILE_OFFSET_BITS definition which enables the LFS64
+# interfaces. Since this code is outside of the FIPS module, it doesn't affect
+# the certification status of the module. See b/364606941 for additional context.
+perl -p -i -e 's/(#define _FILE_OFFSET_BITS 64)/\/\/ $1/' boringssl/crypto/bio/file.c
+
 # Verbatim instructions from BoringCrypto build docs.
 printf "set(CMAKE_C_COMPILER \"clang\")\nset(CMAKE_CXX_COMPILER \"clang++\")\n" >${HOME}/toolchain
 cd boringssl
diff --git a/src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso b/src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso
index 5ba8919dc1..6d0aeb8335 100644
Binary files a/src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso and b/src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso differ
diff --git a/src/crypto/internal/boring/syso/goboringcrypto_linux_arm64.syso b/src/crypto/internal/boring/syso/goboringcrypto_linux_arm64.syso
index c0f80c17e4..23736c82f6 100644
Binary files a/src/crypto/internal/boring/syso/goboringcrypto_linux_arm64.syso and b/src/crypto/internal/boring/syso/goboringcrypto_linux_arm64.syso differ